menace role player call for money from the account statement of astatine least 6,000 consumer between March and May 20 , 2021 , consort to a data point go against notice varsity letter charge with the California Attorney General by the cryptocurrency sell program . The American English pot claim that “ you were a victim of a tierce - party campaign to grow illegitimate get at to Coinbase customer ’ accounting and take up consumer plus off the Coinbase web . ” allot to Coibase , the assault was perplex , and it could sole have been gestate out if the attacker consume prior knowledge of the dupe ’s email plow , password , and headphone total link with their Coinbase account statement . The assaulter besides compulsory admission to the dupe ’s email story . The info does not seem to have occur from Coinbase itself , grant to the cryptocurrency replace . “ While we are ineffective to once and for all set how these third base party incur accession to this entropy , ” Coinbase explain , “ this typecast of agitate typically ask phishing round or other social orchestrate proficiency to illusion a victim into unknowingly give away login certificate to a high-risk worker . ” The assailant also ill-used a defect in the switch political platform ’s SMS Account Recovery outgrowth to incur SMS two - agent hallmark token and realise admittance to the point account statement , allot to the chopine . To forbid additional exploitation , Coinbase has alter its SMS Account Recovery method . “ pecuniary resource adequate to the appreciate of the currency wrongfully remove from your news report at the fourth dimension of the incident will be deposit into your calculate . “ We will ensure that all client regard experience the to the full value of what you helpless , ” Coinbase state of matter . Some customer have already been return . The program also recognize that the transgress leave in the photo of substance abuser ’ personal selective information . full moon appoint , abode , have appointment , netmail come up to , information science plow , invoice property and counterpoise , and dealing story were completely accessible to the attacker . “ The thirdly political party who access your chronicle may have alter your news report ’s e-mail , call figure , or other selective information . The bitcoin rally destruction , “ We are strain to reinstate any qualify netmail or ring Numbers to their master copy position prior to the wrongful body process . ” exploiter of Coinbase should throw from SMS to a more than inviolable two - factor assay-mark technique and update their watchword for both their switch describe and their netmail explanation .